tiktok-monetization.ru Open in urlscan Pro
188.225.40.227 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://tiktok-monetization.ru/
Effective URL:
http://tiktok-monetization.ru/login/phone-or-email/phone/
Submission Tags: falconsandbox
Submission: On October 01 via api (October 1st 2021, 10:08:22 pm UTC) from US — Scanned from DE

Summary HTTP 15 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 188.225.40.227, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is tiktok-monetization.ru.

This is the only time tiktok-monetization.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: TikTok (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 4	188.225.40.227 188.225.40.227	9123 (TIMEWEB-AS) (TIMEWEB-AS)
6	95.101.27.10 95.101.27.10	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	95.101.27.12 95.101.27.12	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
15	4

4 188.225.40.227 (Russian Federation) 1 redirects

ASN9123 (TIMEWEB-AS, RU)
PTR: vh386.timeweb.ru

tiktok-monetization.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 95.101.27.10 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-27-10.deploy.static.akamaitechnologies.com

s16.tiktokcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 95.101.27.12 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-27-12.deploy.static.akamaitechnologies.com

sf16-scmcdn-va.ibytedtos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	ibytedtos.com sf16-scmcdn-va.ibytedtos.com	7 KB
6	tiktokcdn.com s16.tiktokcdn.com	522 KB
4	tiktok-monetization.ru 1 redirects tiktok-monetization.ru	53 KB
15	3

	Domain	Requested by
6	sf16-scmcdn-va.ibytedtos.com	tiktok-monetization.ru
6	s16.tiktokcdn.com	tiktok-monetization.ru
4	tiktok-monetization.ru	1 redirects tiktok-monetization.ru
15	3

This site contains links to these domains. Also see Links.

Domain
www.tiktok.com

Subject Issuer	Validity	Valid
*.tiktokcdn.com RapidSSL RSA CA 2018	`2020-06-11` - `2022-06-12`	2 years	crt.sh
*.ibytedtos.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://tiktok-monetization.ru/login/phone-or-email/phone/
Frame ID: 4EFE5AE6CD86023DD87BABF0E9D62403
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in with phone or email | TikTok

Page URL History Show full URLs

http://tiktok-monetization.ru/ Page URL
http://tiktok-monetization.ru/login/phone-or-email/phone HTTP 301
http://tiktok-monetization.ru/login/phone-or-email/phone/ Page URL

Page Statistics

15
Requests

73 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

581 kB
Transfer

1082 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.tiktok.com/feedback/
Title: Feedback and help

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/signup
Title: Sign up

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tiktok-monetization.ru/ Page URL
http://tiktok-monetization.ru/login/phone-or-email/phone HTTP 301
http://tiktok-monetization.ru/login/phone-or-email/phone/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ tiktok-monetization.ru/	335 B 498 B	227ms 43ms	Document text/html	188.225.40.227 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://tiktok-monetization.ru/ Protocol HTTP/1.1 Server 188.225.40.227 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh386.timeweb.ru Software nginx/1.20.1 / Resource Hash Request headers Host tiktok-monetization.ru Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server nginx/1.20.1 Date Fri, 01 Oct 2021 22:08:18 GMT Content-Type text/html; charset=UTF-8 Content-Length 335 Connection keep-alive
GET H/1.1	200 OK	Primary Request / Show response tiktok-monetization.ru/login/phone-or-email/phone/ Redirect Chain http://tiktok-monetization.ru/login/phone-or-email/phone http://tiktok-monetization.ru/login/phone-or-email/phone/	167 KB 28 KB	147ms 147ms	Document text/html	188.225.40.227 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL http://tiktok-monetization.ru/login/phone-or-email/phone/ Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/ Protocol HTTP/1.1 Server 188.225.40.227 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh386.timeweb.ru Software nginx/1.20.1 / Resource Hash `09dfb2a66a67a1878089c28b55c6f219a47d42ab74517880de158a84e14c46de` Request headers Host tiktok-monetization.ru Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://tiktok-monetization.ru/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://tiktok-monetization.ru/ Response headers Server nginx/1.20.1 Date Fri, 01 Oct 2021 22:08:18 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Content-Encoding gzip Redirect headers Server nginx/1.20.1 Date Fri, 01 Oct 2021 22:08:18 GMT Content-Type text/html; charset=iso-8859-1 Content-Length 265 Connection keep-alive Location http://tiktok-monetization.ru/login/phone-or-email/phone/
GET H2	200	sofiapro-bold.otf s16.tiktokcdn.com/musical/resource/mtact/static/fonts/	163 KB 91 KB	77ms 24ms	Font font/otf	95.101.27.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://s16.tiktokcdn.com/musical/resource/mtact/static/fonts/sofiapro-bold.otf Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.27.10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-10.deploy.static.akamaitechnologies.com Software nginx / Resource Hash `dd3544c991134803b697653dbffa19ee05654397f1321d1c1a1af4d43f080b76` Request headers Referer http://tiktok-monetization.ru/ Origin http://tiktok-monetization.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-akamai-request-id 98f78b6 date Fri, 01 Oct 2021 22:08:18 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static x-cache TCP_HIT from a92-123-107-10.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34537092) (-) server-timing cdn-cache; desc=HIT, edge; dur=1 last-modified Thu, 06 Aug 2020 04:32:03 GMT server nginx etag "5f2b87c3-28c94" vary Accept-Encoding content-type font/otf access-control-allow-origin * x-check-cacheable YES cache-control max-age=13071693 accept-ranges bytes expires Wed, 02 Mar 2022 05:09:51 GMT
GET H2	200	sofiapro-medium.otf s16.tiktokcdn.com/musical/resource/mtact/static/fonts/	161 KB 89 KB	78ms 25ms	Font font/otf	95.101.27.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://s16.tiktokcdn.com/musical/resource/mtact/static/fonts/sofiapro-medium.otf Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.27.10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-10.deploy.static.akamaitechnologies.com Software nginx / Resource Hash `362732757fd8ef2a7aca850ca0c0a291c44a1192c367281e532be6b90acab235` Request headers Referer http://tiktok-monetization.ru/ Origin http://tiktok-monetization.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-akamai-request-id 98f78b7 date Fri, 01 Oct 2021 22:08:18 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static x-cache TCP_HIT from a92-123-107-10.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34537092) (-) server-timing cdn-cache; desc=HIT, edge; dur=1 last-modified Thu, 06 Aug 2020 04:32:03 GMT server nginx etag "5f2b87c3-28288" vary Accept-Encoding content-type font/otf access-control-allow-origin * x-check-cacheable YES cache-control max-age=4404768 accept-ranges bytes expires Sun, 21 Nov 2021 21:41:06 GMT
GET H2	200	sofiapro-regular.otf s16.tiktokcdn.com/musical/resource/mtact/static/fonts/	155 KB 86 KB	79ms 26ms	Font font/otf	95.101.27.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://s16.tiktokcdn.com/musical/resource/mtact/static/fonts/sofiapro-regular.otf Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.27.10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-10.deploy.static.akamaitechnologies.com Software nginx / Resource Hash `e145b1a56b822a1f604021905dc0c661a5447c13a569b6424be2abc8c140b668` Request headers Referer http://tiktok-monetization.ru/ Origin http://tiktok-monetization.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-akamai-request-id 98f78b8 date Fri, 01 Oct 2021 22:08:18 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static x-cache TCP_HIT from a92-123-107-10.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34537092) (-) server-timing cdn-cache; desc=HIT, edge; dur=1 last-modified Thu, 06 Aug 2020 04:32:03 GMT server nginx etag "5f2b87c3-26bf4" vary Accept-Encoding content-type font/otf access-control-allow-origin * x-check-cacheable YES cache-control max-age=2927038 accept-ranges bytes expires Thu, 04 Nov 2021 19:12:16 GMT
GET H/1.1	200 OK	loading.gif tiktok-monetization.ru/login/phone-or-email/	23 KB 23 KB	49ms 35ms	Image image/gif	188.225.40.227 TIMEWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://tiktok-monetization.ru/login/phone-or-email/loading.gif Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol HTTP/1.1 Server 188.225.40.227 , Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh386.timeweb.ru Software nginx/1.20.1 / Resource Hash `6f17dbea8b6db5fd570d0a498b3a082691979671adf03ac1aa3c20697ec8296e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host tiktok-monetization.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://tiktok-monetization.ru/login/phone-or-email/phone/ Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://tiktok-monetization.ru/login/phone-or-email/phone/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Fri, 01 Oct 2021 22:08:18 GMT Last-Modified Sat, 18 Sep 2021 19:40:41 GMT Server nginx/1.20.1 ETag "614640b9-5c95" Content-Type image/gif Cache-Control max-age=2678400 Connection keep-alive Accept-Ranges bytes Content-Length 23701 Expires Mon, 01 Nov 2021 22:08:18 GMT
GET H2	200	help.a708bf24.svg sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/	824 B 1 KB	40ms 7ms	Image image/svg+xml	95.101.27.12 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/help.a708bf24.svg Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.27.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-12.deploy.static.akamaitechnologies.com Software nginx / Resource Hash `69f0d1d60fbc8338cedd9c36c4068b2dea90624afcc37957854862649e44262d` Request headers Accept-Language de-DE,de;q=0.9 Referer http://tiktok-monetization.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-akamai-request-id c683320 date Fri, 01 Oct 2021 22:08:18 GMT content-encoding gzip vary Accept-Encoding x-expires-ms 1631739175705 content-md5 YSR3Dgc67D7Ouqg14Wn3Gg== x-cache TCP_MEM_HIT from a92-123-107-12.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34537092) (-) x-tt-trace-tag id=16;cdn-cache=hit;type=static x-bdcdn-cache-status TCP_HIT server-timing cdn-cache; desc=HIT, edge; dur=0, inner; dur=4 content-length 389 x-tos-request-id 8d8a6e42010ad797-abd2f21 x-tos-response-time Wed, 15 Sep 2021 14:19:54 GMT last-modified Tue, 14 Sep 2021 13:50:33 GMT server nginx access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/svg+xml access-control-allow-origin * x-check-cacheable YES cache-control max-age=1181487 access-control-allow-credentials false x-tt-trace-host 01473f790e1359245d412fd0f5ea8de4c60a4f0a53034703a9c04b21a4cc59f8e7b578c5a80fe508a8d797f0bef27cf8e5dec1d3d323e30e9b75090b0e911f2d394917d525f2595a37318e45ddc55fe520c41134ebb06de6099f498ea63d5cf994a4342477f08a770d4f9f8c71dc5ae0f4 accept-ranges bytes access-control-allow-headers *
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `34833eca688407faa4d2e17c650c445c447ad535c0a24611b26f4a608ba438cf` Request headers Accept-Language de-DE,de;q=0.9 Referer http://tiktok-monetization.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET H2	200	openSelector.3e786e4d.svg sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/	357 B 1 KB	41ms 8ms	Image image/svg+xml	95.101.27.12 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/openSelector.3e786e4d.svg Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.27.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-12.deploy.static.akamaitechnologies.com Software nginx / Resource Hash `9426ab3e4ef10c1b356eb95de2a204d3ea259bdf66c340b14f92169771d5816d` Request headers Accept-Language de-DE,de;q=0.9 Referer http://tiktok-monetization.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-akamai-request-id c683321 date Fri, 01 Oct 2021 22:08:18 GMT content-encoding gzip vary Accept-Encoding x-expires-ms 1630792704232 content-md5 Sa3RhysO+frqdmNLtTEtdg== x-cache TCP_MEM_HIT from a92-123-107-12.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34537092) (A) x-tt-trace-tag id=16;cdn-cache=hit;type=static x-bdcdn-cache-status TCP_MISS server-timing cdn-cache; desc=HIT, edge; dur=0, inner; dur=144 content-length 257 x-tos-request-id cae8433ebff236a-abf3f17 x-tos-response-time Sat, 04 Sep 2021 21:58:23 GMT last-modified Thu, 26 Aug 2021 10:56:27 GMT server nginx access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/svg+xml access-control-allow-origin * x-check-cacheable YES cache-control max-age=258649 access-control-allow-credentials false x-tt-trace-host 0153f370fc5fb44a61f6220c4362d16e0f6314594bfd35ccffbdd1ec8b7ef56b2bd77afabd303018271a5c54b8f9b1e3c60858ffb0785f0e9b1e42b77ea5d29d715a4fc8a6b102c34325ed229a6a206ec674b00a28ac7e0aae2481e0b4216480734f2bf43e0a4f551df30ff65cf979afaf4485d9ebe7cfe435725befea5de6ce9b accept-ranges bytes access-control-allow-headers *
GET H/1.1	200 OK	error.d9f0b771.svg sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/	753 B 2 KB	27ms 7ms	Image image/svg+xml	95.101.27.12 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL http://sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/error.d9f0b771.svg Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol HTTP/1.1 Server 95.101.27.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-12.deploy.static.akamaitechnologies.com Software nginx / Resource Hash `4f3db8175cf894afdcba2e8c502f4c599a4c2fee6c1990d1e4f74fd71123a5ba` Request headers Accept-Language de-DE,de;q=0.9 Referer http://tiktok-monetization.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers X-Akamai-Request-ID c683319 Date Fri, 01 Oct 2021 22:08:18 GMT Content-Encoding gzip Vary Accept-Encoding X-Expires-MS 1631421064594 Content-MD5 l+6QfpLgBdW9UgJie3CEgg== X-Cache TCP_HIT from a92-123-107-12.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34537092) (-) x-tt-trace-tag id=16;cdn-cache=hit;type=static X-Bdcdn-Cache-Status TCP_MISS Server-Timing cdn-cache; desc=HIT, edge; dur=2, inner; dur=112 Content-Length 395 X-Tos-Request-Id 5b87243d8287b0d6-abc2366 X-Tos-Response-Time Sun, 12 Sep 2021 04:31:03 GMT Last-Modified Wed, 08 Sep 2021 06:59:00 GMT Server nginx Cache-Control max-age=886930 Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/svg+xml Access-Control-Allow-Origin * X-Check-Cacheable YES Connection keep-alive Access-Control-Allow-Credentials false x-tt-trace-host 019081f7594a3cc702d84fa0dbed81a2aa08165a05d472d5758bd5dde3c6d9801373bb2f89854ccb8cabef97e05f13a65976a8e28c58c5d8ac47df188038fbd113aa87dc0c5b40c1ad815ca64332ded83f734bcf4387335487146709956abc1ebf171f3f8a5fb6e77aa8cc6f15024193f6 Accept-Ranges bytes Access-Control-Allow-Headers *
GET H2	200	search.73141555.svg sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/	578 B 1 KB	42ms 11ms	Image image/svg+xml	95.101.27.12 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/search.73141555.svg Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.27.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-12.deploy.static.akamaitechnologies.com Software nginx / Resource Hash `d63e03591eca3b9aab7823154a09cea4d0fdbe628a6b9ea5cc38437be443f206` Request headers Accept-Language de-DE,de;q=0.9 Referer http://tiktok-monetization.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-akamai-request-id c683323 date Fri, 01 Oct 2021 22:08:18 GMT content-encoding gzip vary Accept-Encoding x-expires-ms 1631512245706 content-md5 t7w64DTFBdCDOMioBPU5fQ== x-cache TCP_HIT from a92-123-107-12.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34537092) (-) x-tt-trace-tag id=16;cdn-cache=hit;type=static x-bdcdn-cache-status TCP_HIT server-timing cdn-cache; desc=HIT, edge; dur=2, inner; dur=0 content-length 308 x-tos-request-id 25d383ec16d4298-abd2f1a x-tos-response-time Mon, 13 Sep 2021 03:11:41 GMT last-modified Wed, 08 Sep 2021 06:59:00 GMT server nginx access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/svg+xml access-control-allow-origin * x-check-cacheable YES cache-control max-age=968686 access-control-allow-credentials false x-tt-trace-host 015676e3eb3570f716e1f903bf4cf4b277869d543c61a371dc0cdf14981ae94a0d430b6044e770e60dac8d0999abfd6ed52717913fec79cf2a31d7150597d69d5061686b9b07e08ffccdfc3d698c7e9ef33eb9716e74a766446eb5fc5ffc869f9a30f730d481da84f3d6f5d150f87594c487f21ec407a6c0ab6df3771d06e39ae0 accept-ranges bytes access-control-allow-headers *
GET H2	200	back_bold.9a9bc698.svg sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/	610 B 1 KB	43ms 12ms	Image image/svg+xml	95.101.27.12 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/back_bold.9a9bc698.svg Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.27.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-12.deploy.static.akamaitechnologies.com Software nginx / Resource Hash `2d76d5e203f23b8dafcd4aac449b38585844fcc3fcdb4da39cc8758f37000250` Request headers Accept-Language de-DE,de;q=0.9 Referer http://tiktok-monetization.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-akamai-request-id c683324 date Fri, 01 Oct 2021 22:08:18 GMT content-encoding gzip vary Accept-Encoding x-expires-ms 1631993916846 content-md5 H6Mp6orOLa6mgj7SNGkyqg== x-cache TCP_HIT from a92-123-107-12.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34537092) (-) x-tt-trace-tag id=16;cdn-cache=hit;type=static x-bdcdn-cache-status TCP_MISS server-timing cdn-cache; desc=HIT, edge; dur=1, inner; dur=100 content-length 349 x-tos-request-id 3f3fb346403b6d51-abe969d x-tos-response-time Sat, 18 Sep 2021 19:38:35 GMT last-modified Fri, 17 Sep 2021 12:08:53 GMT server nginx access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/svg+xml access-control-allow-origin * x-check-cacheable YES cache-control max-age=1459724 access-control-allow-credentials false x-tt-trace-host 01283ab24bd2ba57541cc19d32ae3981107e8b0f472343b390fcb453b7383a105adfb8da79c87aca875d7e41e1f986be775a9cda89507fbba232a395cac67c464108c264e20fc29b084db0e33b7f2dd9294d5d00413dbe33931afd33351d5ed3febb05d94503f3a200ab4bdf07fac85ff0 accept-ranges bytes access-control-allow-headers *
GET H2	200	arrow.f377b007.svg sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/	306 B 1 KB	35ms 10ms	Image image/svg+xml	95.101.27.12 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/arrow.f377b007.svg Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.27.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-12.deploy.static.akamaitechnologies.com Software nginx / Resource Hash `4dc2b912705bc72035bc6d47e530126ea5ea8cde0c3129d30e9016abd48591d4` Request headers Accept-Language de-DE,de;q=0.9 Referer http://tiktok-monetization.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-akamai-request-id c683325 date Fri, 01 Oct 2021 22:08:18 GMT content-encoding gzip vary Accept-Encoding x-expires-ms 1631244747077 content-md5 NuXzkv2DEf+eS7XSlAdbMw== x-cache TCP_MEM_HIT from a92-123-107-12.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34537092) (-) x-tt-trace-tag id=16;cdn-cache=hit;type=static x-bdcdn-cache-status TCP_HIT server-timing cdn-cache; desc=HIT, edge; dur=0, inner; dur=0 content-length 229 x-tos-request-id 7b42a33aa35fe83e-abf38c9 x-tos-response-time Fri, 10 Sep 2021 00:14:23 GMT last-modified Wed, 08 Sep 2021 06:59:00 GMT server nginx access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/svg+xml access-control-allow-origin * x-check-cacheable YES cache-control max-age=698728 access-control-allow-credentials false x-tt-trace-host 0187bc7e1f3668fff7b8606f6e00c1346baf8c3a7fcdd0c199a91df2fcbfd52278e4119c46572fe66a0ed74d028e688911c3bde47872b764f6013ffc044d16f52584c44e270eec27b60480deca583f7e33f6054764f11d91a88dbdd0ad6ec000f6dd19fabc043ea9e5af454df337720ceaaf43c01864cf01b02d62124a688fc99f accept-ranges bytes access-control-allow-headers *
GET H2	200	proxima-nova-regular.otf s16.tiktokcdn.com/musical/resource/mtact/static/fonts/	134 KB 85 KB	30ms 11ms	Font font/otf	95.101.27.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://s16.tiktokcdn.com/musical/resource/mtact/static/fonts/proxima-nova-regular.otf Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.27.10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-10.deploy.static.akamaitechnologies.com Software nginx / Resource Hash `21387d49779e6ad4ce969a865eb7543619aa37f3bd9c3243018340b08b774e3e` Request headers Referer http://tiktok-monetization.ru/ Origin http://tiktok-monetization.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-akamai-request-id 98f78b3 date Fri, 01 Oct 2021 22:08:18 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static x-cache TCP_MEM_HIT from a92-123-107-10.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34537092) (-) server-timing cdn-cache; desc=HIT, edge; dur=0 last-modified Thu, 06 Aug 2020 04:32:03 GMT server nginx etag "5f2b87c3-218dc" vary Accept-Encoding content-type font/otf access-control-allow-origin * x-check-cacheable YES cache-control max-age=5695460 accept-ranges bytes expires Mon, 06 Dec 2021 20:12:38 GMT
GET H2	200	proxima-nova-bold.otf s16.tiktokcdn.com/musical/resource/mtact/static/fonts/	138 KB 87 KB	36ms 17ms	Font font/otf	95.101.27.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://s16.tiktokcdn.com/musical/resource/mtact/static/fonts/proxima-nova-bold.otf Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.27.10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-10.deploy.static.akamaitechnologies.com Software nginx / Resource Hash `b1fb6db7fb9b71519ef57c1352cd8510e9789110fbc780103a2becfa850bb79d` Request headers Referer http://tiktok-monetization.ru/ Origin http://tiktok-monetization.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-akamai-request-id 98f78b4 date Fri, 01 Oct 2021 22:08:18 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static x-cache TCP_MEM_HIT from a92-123-107-10.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34537092) (-) server-timing cdn-cache; desc=HIT, edge; dur=0 last-modified Thu, 06 Aug 2020 04:32:03 GMT server nginx etag "5f2b87c3-22970" vary Accept-Encoding content-type font/otf access-control-allow-origin * x-check-cacheable YES cache-control max-age=1875779 accept-ranges bytes expires Sat, 23 Oct 2021 15:11:17 GMT
GET H2	200	proxima-nova-semibold.otf s16.tiktokcdn.com/musical/resource/mtact/static/fonts/	135 KB 85 KB	31ms 12ms	Font font/otf	95.101.27.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://s16.tiktokcdn.com/musical/resource/mtact/static/fonts/proxima-nova-semibold.otf Requested by Host: tiktok-monetization.ru URL: http://tiktok-monetization.ru/login/phone-or-email/phone/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.27.10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-10.deploy.static.akamaitechnologies.com Software nginx / Resource Hash `ce4993b1c3acb40b5c298d10d45d38f13a913588ff5dc5e078697de692ff8f1b` Request headers Referer http://tiktok-monetization.ru/ Origin http://tiktok-monetization.ru Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-akamai-request-id 98f78b5 date Fri, 01 Oct 2021 22:08:18 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static x-cache TCP_MEM_HIT from a92-123-107-10.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34537092) (-) server-timing cdn-cache; desc=HIT, edge; dur=0 last-modified Thu, 06 Aug 2020 04:32:03 GMT server nginx etag "5f2b87c3-21a08" vary Accept-Encoding content-type font/otf access-control-allow-origin * x-check-cacheable YES cache-control max-age=14278904 accept-ranges bytes expires Wed, 16 Mar 2022 04:30:02 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: TikTok (Social Network)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s16.tiktokcdn.com
sf16-scmcdn-va.ibytedtos.com
tiktok-monetization.ru
188.225.40.227
95.101.27.10
95.101.27.12
09dfb2a66a67a1878089c28b55c6f219a47d42ab74517880de158a84e14c46de
21387d49779e6ad4ce969a865eb7543619aa37f3bd9c3243018340b08b774e3e
2d76d5e203f23b8dafcd4aac449b38585844fcc3fcdb4da39cc8758f37000250
34833eca688407faa4d2e17c650c445c447ad535c0a24611b26f4a608ba438cf
362732757fd8ef2a7aca850ca0c0a291c44a1192c367281e532be6b90acab235
4dc2b912705bc72035bc6d47e530126ea5ea8cde0c3129d30e9016abd48591d4
4f3db8175cf894afdcba2e8c502f4c599a4c2fee6c1990d1e4f74fd71123a5ba
69f0d1d60fbc8338cedd9c36c4068b2dea90624afcc37957854862649e44262d
6f17dbea8b6db5fd570d0a498b3a082691979671adf03ac1aa3c20697ec8296e
9426ab3e4ef10c1b356eb95de2a204d3ea259bdf66c340b14f92169771d5816d
b1fb6db7fb9b71519ef57c1352cd8510e9789110fbc780103a2becfa850bb79d
ce4993b1c3acb40b5c298d10d45d38f13a913588ff5dc5e078697de692ff8f1b
d63e03591eca3b9aab7823154a09cea4d0fdbe628a6b9ea5cc38437be443f206
dd3544c991134803b697653dbffa19ee05654397f1321d1c1a1af4d43f080b76
e145b1a56b822a1f604021905dc0c661a5447c13a569b6424be2abc8c140b668

tiktok-monetization.ru Open in urlscan Pro 188.225.40.227 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

15 Requests

73 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

581 kBTransfer

1082 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

tiktok-monetization.ru Open in urlscan Pro
188.225.40.227 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

73 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

581 kB
Transfer

1082 kB
Size

0
Cookies

15 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!